JAPANESE ORGANIZATIONS HIT BY CHINA’S HACKERS USED SKYSEA SOFTWARE
- By The Financial District

- Apr 29, 2021
- 2 min read
The comprehensive information technology management tool Skysea was used by all Japanese businesses and other entities hit by large-scale cyberattacks in 2016 and 2017 believed to have been masterminded by China's People's Liberation Army, Buntaro Saito reported in a Japanese-language story for the Mainichi Shimbun.

The link came to light in interviews with people connected to the issue. The Metropolitan Police Department's (MPD) Public Security Bureau is investigating with a view that the software, sold only in Japan, was obtained by the Chinese military and analyzed for vulnerabilities to launch an attack.
According to the source, the attacks appear to have begun in June 2016 and took advantage of a vulnerability in Skysea. Sky, the Osaka-based firm that develops the software, announced it had implemented countermeasures about half a year later, in December.
However, attacks targeting businesses and others yet to update the software reportedly continued well into 2017.
Sky has progressively updated its product since, and on April 21 it gave its view that "at present, almost all our customers are using versions with countermeasures in place."
The Chinese hacking group Tick is believed to have taken part in the attacks; it reportedly has a high level of technical knowledge capable of discovering vulnerabilities developers have yet to realize exist.
Until now there has been no clear picture of Tick, but the MPD's Public Security Bureau has confirmed it is a subordinate to the People's Liberation Army Strategic Support Force, which is responsible for cyberattacks, and that its members overlap with Unit 61419, who primarily target Japan and South Korea.
The attacks this time revealed the existence of individuals taking orders from military-connected personnel.
In addition to a Chinese Communist Party member in his 30s who was referred in papers to Japanese prosecutors on suspicion of unauthorized creation and use of electronic or magnetic records, a former international student of Chinese citizenship also appears to have entered under a false name into the contract for the server used in the attack.

![TFD [LOGO] (10).png](https://static.wixstatic.com/media/bea252_c1775b2fb69c4411abe5f0d27e15b130~mv2.png/v1/crop/x_150,y_143,w_1221,h_1193/fill/w_179,h_176,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/TFD%20%5BLOGO%5D%20(10).png)







